cybernews

fuite de donnée enregistrée

Latest News


CVE-2025-5658 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5658
Published : June 5, 2025, 1:15 p.m. | 1 hour, 9 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function of the file /admin/updatecomplaint.php. The manipulation of the argument Status leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 13:15:00 GMT

read more

CVE-2025-5659 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5659
Published : June 5, 2025, 1:15 p.m. | 1 hour, 9 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Complaint Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /user/profile.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 13:15:00 GMT

read more

CVE-2025-5660 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5660
Published : June 5, 2025, 1:15 p.m. | 1 hour, 9 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 2.0. Affected by this issue is some unknown functionality of the file /user/register-complaint.php. The manipulation of the argument noc leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 13:15:00 GMT

read more

CVE-2011-10007 - Apache::FileFind::Rule Arbitrary Code Execution Vulnerability

CVE ID : CVE-2011-10007
Published : June 5, 2025, 12:15 p.m. | 2 hours, 9 minutes ago
Description : File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename. A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed. Example: $ mkdir /tmp/poc; echo > "/tmp/poc/|id" $ perl -MFile::Find::Rule \     -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

CVE-2025-5341 - Forminator Forms Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-5341
Published : June 5, 2025, 12:15 p.m. | 2 hours, 9 minutes ago
Description : The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id' and 'data-size’ parameters in all versions up to, and including, 1.44.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

CVE-2025-5656 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5656
Published : June 5, 2025, 12:15 p.m. | 2 hours, 9 minutes ago
Description : A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-category.php. The manipulation of the argument description leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

CVE-2025-5657 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5657
Published : June 5, 2025, 12:15 p.m. | 2 hours, 9 minutes ago
Description : A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument uid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

CVE-2025-5701 - HyperComments WordPress Privilege Escalation Vulnerability

CVE ID : CVE-2025-5701
Published : June 5, 2025, 12:15 p.m. | 2 hours, 9 minutes ago
Description : The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

Retour sur le webinaire « Comment se faire labelliser ExpertCyber ? »

Organisé le 3 juin 2025, le webinaire « Comment se faire labelliser ExpertCyber ? » avait pour objectif de présenter les enjeux et modalités de la labellisation ExpertCyber, destinée aux prestataires de services informatique justifiant d’une expertise en cybersécurité.

Thu, 05 Jun 2025 12:02:00 GMT

read more

CVE-2025-5653 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5653
Published : June 5, 2025, 11:15 a.m. | 3 hours, 9 minutes ago
Description : A vulnerability has been found in PHPGurukul Complaint Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/between-date-userreport.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 11:15:00 GMT

read more

CVE-2025-5654 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5654
Published : June 5, 2025, 11:15 a.m. | 3 hours, 9 minutes ago
Description : A vulnerability was found in PHPGurukul Complaint Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-state.php. The manipulation of the argument description leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 11:15:00 GMT

read more

CVE-2025-5655 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5655
Published : June 5, 2025, 11:15 a.m. | 3 hours, 9 minutes ago
Description : A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument subcategory leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 11:15:00 GMT

read more

CVE-2025-4568 - Apache HTTP Server Blind SQL Injection

CVE ID : CVE-2025-4568
Published : June 5, 2025, 10:15 a.m. | 4 hours, 9 minutes ago
Description : Improper neutralization of input provided by an unauthorized user into changes__reference_id parameter in URL allows for boolean-based Blind SQL Injection attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 10:15:00 GMT

read more

CVE-2025-5650 - 1000projects Online Notice Board SQL Injection Vulnerability

CVE ID : CVE-2025-5650
Published : June 5, 2025, 10:15 a.m. | 4 hours, 9 minutes ago
Description : A vulnerability classified as critical was found in 1000projects Online Notice Board 1.0. This vulnerability affects unknown code of the file /register.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 10:15:00 GMT

read more

CVE-2025-5651 - "Traffic Offense Reporting System Cross-Site Scripting Vulnerability"

CVE ID : CVE-2025-5651
Published : June 5, 2025, 10:15 a.m. | 4 hours, 9 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in code-projects Traffic Offense Reporting System 1.0. This issue affects some unknown processing of the file saveuser.php. The manipulation of the argument user_id/username/email/name/position leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 10:15:00 GMT

read more

CVE-2025-5652 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5652
Published : June 5, 2025, 10:15 a.m. | 4 hours, 9 minutes ago
Description : A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function of the file /admin/between-date-complaintreport.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 10:15:00 GMT

read more

CVE-2025-5647 - Radare2 Radiff2 Memory Corruption Vulnerability

CVE ID : CVE-2025-5647
Published : June 5, 2025, 9:15 a.m. | 5 hours, 9 minutes ago
Description : A vulnerability was found in Radare2 5.9.9 and classified as problematic. This issue affects the function r_cons_context_break_pop in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 09:15:00 GMT

read more

CVE-2025-5648 - Radare2 Buffer Overflow in r_cons_pal_init

CVE ID : CVE-2025-5648
Published : June 5, 2025, 9:15 a.m. | 5 hours, 9 minutes ago
Description : A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 09:15:00 GMT

read more

CVE-2025-5649 - SourceCodester Student Result Management System Remote Access Control Bypass

CVE ID : CVE-2025-5649
Published : June 5, 2025, 9:15 a.m. | 5 hours, 9 minutes ago
Description : A vulnerability classified as critical has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /admin/core/new_user of the component Register Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 09:15:00 GMT

read more

Soldes drsquo;été : 7 conseils pour éviter les cyber-arnaques

Durant les périodes promotionnelles, Cybermalveillance.gouv.fr appelle à la plus grande vigilance et délivre 7 conseils pour éviter de se faire escroquer.

Thu, 05 Jun 2025 09:00:00 GMT

read more

Lettres drsquo;information

Actualités, contenus et ressources thématiques pour vous sensibiliser aux risques numériques et aux bonnes pratiques associées, informations sur les cybermenaces… Retrouvez dans cette section les lettres d’informations de Cybermalveillance.gouv.fr.

Thu, 05 Jun 2025 09:00:00 GMT

read more

CVE-2025-5645 - Radare2 r_cons_pal_init Memory Corruption Vulnerability

CVE ID : CVE-2025-5645
Published : June 5, 2025, 8:15 a.m. | 6 hours, 9 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 08:15:00 GMT

read more

CVE-2025-5646 - "Radare2 Rainbow Free Memory Corruption Vulnerability"

CVE ID : CVE-2025-5646
Published : June 5, 2025, 8:15 a.m. | 6 hours, 9 minutes ago
Description : A vulnerability has been found in Radare2 5.9.9 and classified as problematic. This vulnerability affects the function r_cons_rainbow_free in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 08:15:00 GMT

read more

CVE-2025-5641 - "Radare2 Memory Corruption Vulnerability in r_cons_is_breaked Function"

CVE ID : CVE-2025-5641
Published : June 5, 2025, 7:15 a.m. | 7 hours, 9 minutes ago
Description : A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function r_cons_is_breaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". An additional warning regarding threading support has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 07:15:00 GMT

read more

CVE-2025-5642 - Radare2 radiff2 Memory Corruption Vulnerability

CVE ID : CVE-2025-5642
Published : June 5, 2025, 7:15 a.m. | 7 hours, 9 minutes ago
Description : A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 07:15:00 GMT

read more

CVE-2025-5643 - "Radare2 Local Memory Corruption Vulnerability"

CVE ID : CVE-2025-5643
Published : June 5, 2025, 7:15 a.m. | 7 hours, 9 minutes ago
Description : A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 07:15:00 GMT

read more

CVE-2025-5644 - Radare2 Use After Free Vulnerability in r_cons_flush Function

CVE ID : CVE-2025-5644
Published : June 5, 2025, 7:15 a.m. | 7 hours, 9 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 07:15:00 GMT

read more

CVE-2025-5683 - Qt QImage ICNS Format Image File Buffer Overflow

CVE ID : CVE-2025-5683
Published : June 5, 2025, 6:15 a.m. | 8 hours, 9 minutes ago
Description : When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-3055 - WordPress User Frontend Pro File Deletion Vulnerability

CVE ID : CVE-2025-3055
Published : June 5, 2025, 6:15 a.m. | 6 hours, 38 minutes ago
Description : The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_avatar_ajax() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-5639 - PHPGurukul Notice Board System SQL Injection Vulnerability

CVE ID : CVE-2025-5639
Published : June 5, 2025, 6:15 a.m. | 6 hours, 38 minutes ago
Description : A vulnerability was found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-5640 - "PX4-Autopilot MavlinkReceiver Stack-Based Buffer Overflow Vulnerability"

CVE ID : CVE-2025-5640
Published : June 5, 2025, 6:15 a.m. | 6 hours, 38 minutes ago
Description : A vulnerability was found in PX4-Autopilot 1.12.3. It has been classified as problematic. This affects the function MavlinkReceiver::handle_message_trajectory_representation_waypoints of the file mavlink_receiver.cpp of the component TRAJECTORY_REPRESENTATION_WAYPOINTS Message Handler. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-3054 - WordPress WP User Frontend Pro Plugin Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-3054
Published : June 5, 2025, 6:15 a.m. | 6 hours, 13 minutes ago
Description : The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note that this requires the 'Private Message' module to be enabled and the Business version of the PRO software to be in use.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-1793 - AWS Run-llama SQL Injection Vulnerability

CVE ID : CVE-2025-1793
Published : June 5, 2025, 5:15 a.m. | 7 hours, 13 minutes ago
Description : Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 05:15:00 GMT

read more

CVE-2025-5636 - PCMan FTP Server Buffer Overflow Vulnerability

CVE ID : CVE-2025-5636
Published : June 5, 2025, 5:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SET Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 05:15:00 GMT

read more

CVE-2025-5637 - PCMan FTP Server SYSTEM Command Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5637
Published : June 5, 2025, 5:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 05:15:00 GMT

read more

CVE-2025-5638 - PHPGurukul Notice Board System SQL Injection Vulnerability

CVE ID : CVE-2025-5638
Published : June 5, 2025, 5:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability has been found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 05:15:00 GMT

read more

CVE-2025-5633 - Content Management System and News-Buzz SQL Injection Vulnerability

CVE ID : CVE-2025-5633
Published : June 5, 2025, 4:15 a.m. | 6 hours, 37 minutes ago
Description : A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/users.php. The manipulation of the argument delete leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 04:15:00 GMT

read more

CVE-2025-5634 - PCMan FTP Server NOOP Command Handler Buffer Overflow

CVE ID : CVE-2025-5634
Published : June 5, 2025, 4:15 a.m. | 6 hours, 37 minutes ago
Description : A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component NOOP Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 04:15:00 GMT

read more

CVE-2025-5635 - PCMan FTP Server PLS Command Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5635
Published : June 5, 2025, 4:15 a.m. | 6 hours, 37 minutes ago
Description : A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component PLS Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 04:15:00 GMT

read more

CVE-2025-5632 - Content-Management-System News-Buzz SQL Injection Vulnerability

CVE ID : CVE-2025-5632
Published : June 5, 2025, 4:15 a.m. | 6 hours, 12 minutes ago
Description : A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument change_to_admin leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 04:15:00 GMT

read more

CVE-2025-5629 - Tenda AC10 HTTP Handler PPTP Server Buffer Overflow Vulnerability

CVE ID : CVE-2025-5629
Published : June 5, 2025, 3:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-5630 - D-Link DIR-816 Remote Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5630
Published : June 5, 2025, 3:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-5631 - Content Management System and News-Buzz SQL Injection Vulnerability

CVE ID : CVE-2025-5631
Published : June 5, 2025, 3:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been classified as critical. Affected is an unknown function of the file /publicposts.php. The manipulation of the argument post leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-48432 - Apache Django Log Injection Vulnerability

CVE ID : CVE-2025-48432
Published : June 5, 2025, 3:15 a.m. | 5 hours, 53 minutes ago
Description : An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-49466 - AERC Directory Traversal Vulnerability

CVE ID : CVE-2025-49466
Published : June 5, 2025, 3:15 a.m. | 5 hours, 53 minutes ago
Description : aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-5628 - SourceCodester Food Menu Manager Cross Site Scripting (XSS)

CVE ID : CVE-2025-5628
Published : June 5, 2025, 2:15 a.m. | 6 hours, 53 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 02:15:00 GMT

read more

CVE-2025-5626 - Campcodes Online Teacher Record Management System SQL Injection

CVE ID : CVE-2025-5626
Published : June 5, 2025, 1:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability classified as critical has been found in Campcodes Online Teacher Record Management System 1.0. Affected is an unknown function of the file /admin/edit-subjects-detail.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

CVE-2025-5627 - "Code-projects Patient Record Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5627
Published : June 5, 2025, 1:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /sputum_form.php. The manipulation of the argument itr_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

CVE-2025-49008 - Atheos Command Injection Vulnerability

CVE ID : CVE-2025-49008
Published : June 5, 2025, 1:15 a.m. | 5 hours, 13 minutes ago
Description : Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of `escapeshellcmd()` in `/components/codegit/traits/execute.php` allows argument injection, leading to arbitrary command execution. Atheos administrators and users of vulnerable versions are at risk of data breaches or server compromise. Version 6.0.4 introduces a `Common::safe_execute` function that sanitizes all arguments using `escapeshellarg()` prior to execution and migrated all components potentially vulnerable to similar exploits to use this new templated execution system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

CVE-2025-5624 - "D-Link DIR-816 Stack-Based Buffer Overflow Vulnerability"

CVE ID : CVE-2025-5624
Published : June 5, 2025, 1:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

CVE-2025-5625 - Campcodes Online Teacher Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5625
Published : June 5, 2025, 1:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /search-teacher.php. The manipulation of the argument searchteacher leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

Cybermois 2025

Le Mois européen de la cybersécurité est une initiative européenne (ENISA)
qui vise à sensibiliser aux cybermenaces et aux bons réflexes pour s’en protéger.
En France, il est piloté par Cybermalveillance.gouv.fr

Thu, 05 Jun 2025 01:11:00 GMT

read more

« Histoire de Cyber » : engagez-vous pour le Cybermois 2025

Et si vous deveniez acteur du Cybermois 2025 ? Nous vous invitons à vous engager et à prendre part à une action citoyenne en relayant la campagne de sensibilisation « Histoire de Cyber » tout au long du mois d’octobre. Rejoignez la mobilisation nationale : inscrivez-vous dès maintenant…

Thu, 05 Jun 2025 01:09:00 GMT

read more

Cybermois 2025 : kit de communication

Vous souhaitez communiquer sur le Cybermois 2025 auprès de vos publics, éditer les supports du Cybermois à vos couleurs ou réutiliser des contenus de sensibilisation ? Nous vous mettons à disposition différents outils incluant.

Thu, 05 Jun 2025 01:05:00 GMT

read more

CVE-2025-5620 - D-Link DIR-816 OS Command Injection Vulnerability

CVE ID : CVE-2025-5620
Published : June 5, 2025, 12:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 00:15:00 GMT

read more

CVE-2025-5621 - D-Link DIR-816 OS Command Injection Vulnerability

CVE ID : CVE-2025-5621
Published : June 5, 2025, 12:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 00:15:00 GMT

read more

CVE-2025-5622 - D-Link DIR-816 Wireless Stack-Based Buffer Overflow

CVE ID : CVE-2025-5622
Published : June 5, 2025, 12:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 00:15:00 GMT

read more

CVE-2025-5623 - D-Link DIR-816 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5623
Published : June 5, 2025, 12:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 00:15:00 GMT

read more

CVE-2025-5618 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5618
Published : June 4, 2025, 11:15 p.m. | 7 hours, 13 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. This vulnerability affects unknown code of the file /admin/edit-team.php. The manipulation of the argument teamid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-5619 - Tenda CH22 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5619
Published : June 4, 2025, 11:15 p.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-49007 - Apache Rack Denial of Service Vulnerability

CVE ID : CVE-2025-49007
Published : June 4, 2025, 11:15 p.m. | 6 hours, 13 minutes ago
Description : Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. Version 3.1.16 contains a patch for the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-5616 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5616
Published : June 4, 2025, 11:15 p.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-5617 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5617
Published : June 4, 2025, 11:15 p.m. | 6 hours, 13 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown part of the file /admin/manage-teams.php. The manipulation of the argument teamid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-5690 - PostgreSQL Anonymizer Mask Data Read Bypass

CVE ID : CVE-2025-5690
Published : June 4, 2025, 10:15 p.m. | 7 hours, 13 minutes ago
Description : PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 22:15:00 GMT

read more

CVE-2025-5613 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5613
Published : June 4, 2025, 10:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This issue affects some unknown processing of the file /request-details.php. The manipulation of the argument requestid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 22:15:00 GMT

read more

CVE-2025-5614 - PHPGurukul Online Fire Reporting System SQL Injection

CVE ID : CVE-2025-5614
Published : June 4, 2025, 10:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 22:15:00 GMT

read more

CVE-2025-5615 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5615
Published : June 4, 2025, 10:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /details.php. The manipulation of the argument requestid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 22:15:00 GMT

read more

CVE-2025-5612 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5612
Published : June 4, 2025, 9:15 p.m. | 7 hours, 12 minutes ago
Description : A vulnerability has been found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This vulnerability affects unknown code of the file /reporting.php. The manipulation of the argument fullname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-46341 - FreshRSS HTTP Auth Header Impersonation Vulnerability

CVE ID : CVE-2025-46341
Published : June 4, 2025, 9:15 p.m. | 5 hours, 12 minutes ago
Description : FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse proxy, it's possible to impersonate any user either via the `Remote-User` header or the `X-WebAuth-User` header by making specially crafted requests via the add feed functionality and obtaining the CSRF token via XPath scraping. The attacker has to know the IP address of the proxied FreshRSS instance and the admin's username, while also having an account on the instance. An attacker can send specially crafted requests in order to gain unauthorized access to internal services. This can also lead to privilege escalation like in the demonstrated scenario, although users that have setup OIDC are not affected by privilege escalation. Version 1.26.2 contains a patch for the issue.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-48947 - Auth0 Next.js SDK Cache-Control Header Missing Vulnerability

CVE ID : CVE-2025-48947
Published : June 4, 2025, 9:15 p.m. | 5 hours, 12 minutes ago
Description : The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, `__session` cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for someone to be affected by the vulnerability: Applications using the NextJS-Auth0 SDK, versions between 4.0.1 to 4.6.0, applications using CDN or edge caching that caches responses with the Set-Cookie header, and if the Cache-Control header is not properly set for sensitive responses. Users should upgrade auth0/nextjs-auth0 to v4.6.1 to receive a patch.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-5610 - CodeAstro Real Estate Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5610
Published : June 4, 2025, 9:15 p.m. | 5 hours, 12 minutes ago
Description : A vulnerability, which was classified as critical, has been found in CodeAstro Real Estate Management System 1.0. Affected by this issue is some unknown functionality of the file /submitpropertydelete.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-5611 - CodeAstro Real Estate Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5611
Published : June 4, 2025, 9:15 p.m. | 5 hours, 12 minutes ago
Description : A vulnerability, which was classified as critical, was found in CodeAstro Real Estate Management System 1.0. This affects an unknown part of the file /submitpropertyupdate.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-5608 - Tenda AC18 Buffer Overflow Vulnerability

CVE ID : CVE-2025-5608
Published : June 4, 2025, 8:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 20:15:00 GMT

read more

CVE-2025-5609 - Tenda AC18 Buffer Overflow Vulnerability

CVE ID : CVE-2025-5609
Published : June 4, 2025, 8:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 20:15:00 GMT

read more

CVE-2025-32015 - FreshRSS Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-32015
Published : June 4, 2025, 8:15 p.m. | 3 hours, 27 minutes ago
Description : FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `